From: William Lallemand <wlallemand@haproxy.com>
Date: Mon, 4 Dec 2017 17:46:39 +0000 (+0100)
Subject: BUG/MINOR: ssl: support tune.ssl.cachesize 0 again
X-Git-Tag: v1.9-dev1~608
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c61c0b371bebe0619cf4628b60b7c79d19e97269;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: support tune.ssl.cachesize 0 again

Since the split of the shctx and the ssl cache, we lost the ability to
disable the cache with tune.ssl.cachesize 0.

Worst than that, when using this configuration, haproxy segfaults during
the configuration parsing.

Must be backported to 1.8.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index da1aecbccd..4741be11c5 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4705,7 +4705,7 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
 			return -1;
 		}
 	}
-	if (!ssl_shctx) {
+	if (!ssl_shctx && global.tune.sslcachesize) {
 		alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
 		                       sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE,
 		                       sizeof(*sh_ssl_sess_tree),